Cam Smith reports: Nearly three years after Vermont’s largest hospital fell victim to a ransomware attack, hospital officials say they’ve made progress toward better systems to protect patient information. During the breach, nearly 1,300 servers were compromised on more than 5,000 devices across the UVM Health Network. Hospital officials say while no patient or employee…
Category: Health Data
Ransomware group starts leaking data allegedly from NJ cardiology consultants group
On September 23, DataBreaches reported that the NoEscape ransomware gang had added Mulkay Cardiology Consultants (Mulkay) in New Jersey to their leak site with a date of September 2. At the time, they claimed to have successfully encrypted them and exfiltrated 60 GB of files. “We have 60GB of confidential and personal data on more…
88% of Hospitals And Other Health-Care Organizations Faced Cyberattacks Last Year
Fewer health-care organizations are paying ransoms, but the average payment has soared. Eric Geller reports: Hospitals, clinics and other health-care organizations are facing a barrage of cyberattacks and struggling to provide normal services amid computer outages and loss of important files, according to newly published research by Proofpoint, an email security firm. Nearly 90% of…
OrthoAlaska notifies 176,203 patients of breach. When was the breach? (1)
On October 12, 2022 — almost a full year ago — OrthoAlaska discovered unauthorized activity on their systems. On March 3, 2023, they learned that information on former employees was stored in the system. On April 3, 2023, they notified those affected. And that’s where things remained until September 22, 2023, when OrthoAlaska notified HHS…
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties
DarkReading reports: 23andMe, the popular DNA testing company, has launched an investigation after client information was listed for sale on a cybercrime forum this week. On Oct. 1, a post was published on the forum with a link to a sample of allegedly “20 million pieces of data” from the genetic testing company, claiming that it…
HC3: Monthly Cybersecurity Vulnerability Bulletin
October 05, 2023 TLP:CLEAR Report: 202310051200 September Vulnerabilities of Interest to the Health Sector In September 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for September…